|
|
| |
InPerson is a multimedia desktop conferencing tool for IRIX workstations. There have been several reports of vulnerabilities in InPerson that allow users with local accounts on IRIX workstations to obtain root access.
SGI has investigated the issue and recommends the following steps for neutralizing the exposure. It is highly recommended that these measures be implemented on ALL vulnerable SGI systems. |
| |
Credit:
The information has been provided by SGI Security Coordinator.
|
| |
Impact:
InPerson is installed by default on IRIX 5.3 through IRIX 6.5.10.
A local user account on the vulnerable system is required in order to exploit the InPerson application.
These vulnerabilities can lead to a root compromise.
Temporary Solution:
The steps below can be used to remove the InPerson application to prevent exploitation of this vulnerability.
1) Check to see if the vulnerable subsystem is installed.
All versions of InPerson are vulnerable.
% versions -b InPerson
Name Date Description
I InPerson 07/18/2000 InPerson Desktop Conferencing, 2.2.1
2) Become the root user on the system.
% /bin/su -
Password:
#
3) Remove the vulnerable subsystem.
# versions remove InPerson
4) Return to previous level.
# exit
%
When possible, install SGImeeting to replace InPerson conferencing functionality.
Solution:
No SGI patches are currently available for the InPerson application.
Please remove the InPerson software from your system with steps in Temporary Solution section.
InPerson functionality has been replaced with SGImeeting that is compatible with Microsoft NetMeeting, PictureTel LiveShare Plus, SunForum, HP Visual Conference and other T.120 compliant clients.
Information on SGImeeting is available at:
http://www.sgi.com/software/sgimeeting/
SGImeeting 1.4 is available for IRIX 6.5.6 and above:
http://www.sgi.com/Products/Evaluation/6.5.6_sgimeeting_1.4/
SGImeeting 2.0 is available for IRIX 6.5.2 and above:
http://www.sgi.com/Products/Evaluation/6.5.2_sgimeeting_2.0/
|
|
|
